
Real-time threat finder

I want to make a small program that is capable of downloading files from the cloud onto my system. As the file reaches my system, another program on my system will analyze the file and try to find suspicious behaviors in it.

Asked by: Guest
Guest [Entry]

A part of this could be done with MITRE's honeyclient project (http://www.honeyclient.org/trac) and/or captureBAT (www.honeynet.org/node/315); however, you may need some custom scripts to select and download files. Honeyclient is intended to find websites that exploit your system, while captureBAT is a behavioural analysis tool to help characterize software. This would be run in a VM, running one program at a time, and then the log files would need to be studied to determine if the behaviour of the software is actually malicious.
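As an added example (not code from the original post, nor from the honeyclient or captureBAT projects), here is a small triage pass over the kind of behavioural log lines the answer says must be studied after each VM run. The five-column CSV layout, the rule set and the log lines are all constructed assumptions; a real tool's columns will differ and the rules would need adjusting to its output.

```python
import csv
import io
import re

# Constructed sample in an assumed Capture-BAT-style CSV layout:
# time, event type, action, acting process, target
SAMPLE_LOG = """\
"10:01:02.100","process","created","C:\\sandbox\\sample.exe","C:\\Windows\\System32\\cmd.exe"
"10:01:02.250","file","Write","C:\\sandbox\\sample.exe","C:\\Windows\\System32\\drivers\\etc\\hosts"
"10:01:02.400","registry","SetValueKey","C:\\sandbox\\sample.exe","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"
"10:01:02.600","file","Write","C:\\Windows\\explorer.exe","C:\\Users\\lab\\AppData\\Local\\Temp\\iconcache.db"
"""

# Assumed rule set: (event type, action regex, target regex, weight, label).
# More specific rules come first; only the first matching rule scores an event.
RULES = [
    ("registry", r"SetValueKey", r"\\CurrentVersion\\Run\\", 5, "autorun persistence"),
    ("file", r"Write", r"\\System32\\drivers\\etc\\hosts$", 4, "hosts file tampering"),
    ("file", r"Write", r"\\System32\\", 2, "write under System32"),
    ("process", r"created", r"\\(cmd|powershell|wscript|cscript)\.exe$", 3, "shell/script child process"),
]

def parse_log(text):
    """Yield one dict per CSV row; rows with too few columns are skipped."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 5:
            yield {"time": row[0], "type": row[1], "action": row[2],
                   "process": row[3], "target": row[4]}

def triage(text, sample_path):
    """Score only events performed by the sample itself, so background OS
    activity recorded in the same run does not inflate the verdict."""
    hits = []
    for ev in parse_log(text):
        if ev["process"].lower() != sample_path.lower():
            continue  # action by an unrelated process: ignore
        for etype, act_re, tgt_re, weight, label in RULES:
            if (ev["type"] == etype and re.search(act_re, ev["action"], re.I)
                    and re.search(tgt_re, ev["target"], re.I)):
                hits.append((label, weight, ev["target"]))
                break  # first matching rule wins; avoid double counting
    score = sum(w for _, w, _ in hits)
    verdict = "suspicious" if score >= 5 else "review" if score > 0 else "benign-looking"
    return score, verdict, hits

if __name__ == "__main__":
    score, verdict, hits = triage(SAMPLE_LOG, r"C:\sandbox\sample.exe")
    print(score, verdict)
    for label, weight, target in hits:
        print(f"  [{weight}] {label}: {target}")
```

The scoring thresholds are arbitrary; the point is that the log is filtered to the sample's own process and matched against explicit, reviewable rules rather than read by eye.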